The amount of information increases and its networking has been progressing as represented by words such as big data and cloud computing, and the concentration of information in a certain place has been progressing as represented by data centers. If information is excessively concentrated, a security hole of one place leads to a fatal information leak. Therefore, information security in communication channels is a consequential problem.
As a method of improving security of communication channels, quantum cryptography is well known (for example, see Non-Patent Document 1), but because a theoretical rationale thereof is based on quantum mechanics that is the theory for describing a microscopic world, there are restrictions, for example, a maximum transmission distance is about 100 km, or it is difficult to increase a transmission rate, and many problems arise in incorporating it into a network. A method called an α-η protocol has been proposed in order to solve the restrictions, but because security is based on a quantum mechanical property, the number of photons per signal has to be restricted to be several photons, the problem is not solved (for example, see Non-Patent Document 2).
A method invented in this regard is the secure optical communication technique using fluctuations (phase fluctuations, amplitude fluctuations, antisqueezed fluctuations, and the like); for example, see Patent Documents 1 to 4. In this method, security is improved using the fact that it is difficult to predict fluctuations, and because the method can operate with a light intensity in an ordinary optical communication without using a quantum mechanical property, there is no restriction to a transmission distance in principle, and it matches a present optical communication system as well. However, how to use the unpredictability of fluctuations is a problem, and Patent Documents 2 to 4 showed a method using a seed key, parity check symbols (an error correcting code), and multiple bases, making the unpredictability of fluctuations usable.
The principle is as follows.
(1) A sender and a authorized recipient share a seed key, and decide shared bases based on the seed key.
(2) The sender transmits random numbers with randomly chosen bases (random bases). Random numbers located at the slots in which the shared basis coincides with the random basis are dealt as a random number series 1, and random numbers located at the slots in which the shared basis does not coincide with the random basis are dealt as a random number series 2. Further, parity check symbols for either or both of the random number series 1 and 2 are also transmitted.
(3) The authorized recipient judges the random bases using received signals, and separates the transmitted random numbers into the random number series 1 and 2 by referring to the shared bases. At this time, because there are fluctuations, there are basis judgment errors. The presence or absence of judgment errors is determined by checking the parities of the random number series 1 or the random number series 2 and by checking if the parities coincide with the check symbols. When there is a basis judgment error, the random number of the corresponding slot is dealt with in a different series from a correct series, and the amounts of the random number series 1 and 2 change, and a correspondence relation between random numbers and the parity check symbols is disturbed. As a result, many parity errors occur, and a position in which the basis judgment error has occurred can roughly be deduced. A basis judgment of a slot suspected to have a judgment error is changed, and the parity check is repeated. The bases of all slots suspected to be basis-judgment errors are corrected by performing the repeating processes. Further, through those processes, bit errors are corrected as well.
(4) An unauthorized recipient does not hold the seed key and thus does not know the shared bases. Because the random numbers cannot be separated into the random number series 1 and 2, it is difficult to use the parity check symbols, correct the basis judgment errors, and correct the bit errors. Accordingly, there is a difference between the authorized recipient and the unauthorized recipient.
(5) The transmitted and received random numbers are reduced to an information amount (secret capacity) corresponding to the difference between the amount of information obtained by the authorized recipient and the amount of information obtained by the unauthorized recipient and the reduced random numbers are used as a secret key. Cipher communication of actual data is performed using the secret key.
This method is excellent in terms of that the fluctuations (bit errors) are ingeniously used in order to improve the security, but an exhaustive process is necessary for basis correction, and changing the basis judgment and checking the parity are needed several times even to correct only one slot. Because there are many bit errors (basis judgment errors) in the method using the fluctuations, this exhaustive process is very heavy, and becomes a great obstacle to introduction into an actual system. If redundancy is increased in encoding, the exhaustive process might be allayed, but in this case, encoding efficiency is lowered, and secret capacity is reduced as well. Further, even though the redundancy is increased, the exhaustive process is still necessary at a receiver. Thus, it is not a crucial solution.